Posted March 29, 2023

IRS to businesses: Beware of spearphishing

The Internal Revenue Service has warned tax professionals and businesses that they remain a top target for identity thieves and face threats from common scams on this year’s IRS Dirty Dozen list. As part of the annual Dirty Dozen tax scams effort, the IRS and the Security Summit partners are urging tax professionals and businesses to be on the lookout for a variety of suspicious email requests.

The IRS’ annual Dirty Dozen campaign is a list of 12 scams and schemes that put taxpayers and the tax professional community at risk of losing money, personal information, data and more. 

Through spearphishing emails, scammers try to steal client data, tax software preparation credentials and tax preparer identities with the goal of getting fraudulent tax refunds. These requests can range from an email that looks like it’s from a potential new client to a request targeting payroll and human resource departments asking for sensitive Form W-2 information.

“It’s vitally important for tax professionals and businesses to maintain a strong defense against cyberattacks like spearphishing,” said IRS Commissioner Danny Werfel. “The information these businesses have on their systems is extremely valuable to an identity thief looking to steal identities and file fraudulent tax returns. There are simple steps that tax pros and businesses can take to avoid being fooled by these common schemes, including extra caution when opening emails, clicking on links or sharing sensitive client data. Extra care can go a long way to protect tax professionals and businesses as well as their clients.”

Working together as the Security Summit, the IRS, state tax agencies and the nation’s tax industry have taken numerous steps since 2015 to strengthen internal systems and controls to protect against tax-related identity theft.

As part of this effort, the IRS and Summit partners continue to warn people about common scams and schemes during tax season and beyond that can threaten a taxpayer’s personal and financial information. The Security Summit initiative is committed to protecting taxpayers, businesses and the tax system from scammers and identity thieves, and the Dirty Dozen is part of the larger effort.

Side-step spearphishing: Cyber security tips for tax pros and businesses

Phishing is a term given to emails or text messages designed to get users to provide personal information, either directly or by clicking on a link or attachment. Spearphishing is a phishing attempt tailored to a specific organization or business.

The IRS is warning tax professionals about spearphishing because there is greater potential for harm if the tax preparer has a data breach. A successful spearphishing attack can ultimately steal client data and the tax preparer’s identity, allowing the thief to file fraudulent returns.

A taxpayer becoming a victim of tax-related identity theft is certainly an issue with spearphishing, but criminals who seek tax preparer credentials or access to their clients’ tax-related information increase the potential number of victims.

Spearphishing begins with a suspicious email – one that may appear to come from a tax preparation application or another e-service or platform. Some scammers will even use the IRS logo and claim something like “Action Required: Your account has now been put on hold.” Often these emails stress urgency and will ask tax pros or businesses to click on links to input or verify information.

How to side-step spearphishing:

  • Never click suspicious links.
  • Double check the requests with the original sender.
  • Be vigilant year-round, not just during filing season.

Client impersonation: Spearphishing aimed at tax pros

The IRS and its Security Summit partners continue to see spearphishing attempts that impersonate a new potential client, known as the "New Client" scam. If the tax preparer responds, the scammer sends a malicious attachment or URL that ultimately enables them to gain access to sensitive client information on the tax preparer’s computer systems.

Bogus requests for W-2s: Spearphishing aimed at businesses

The IRS wants to warn businesses about another specific spearphishing scam that targets employees in payroll or accounting departments. These employees might get an email that looks like it comes from an official source requesting W-2s for all employees. The payroll department might accidentally reply with these important documents, which would provide scammers with W-2 data on employees that can be used to commit fraud.

The IRS recommends using a two-person review process when receiving these types of requests for W-2s. The IRS also recommends any requests for payroll be submitted through an official process, like the employer’s Human Resources portal.

Make a difference: Report fraud, scams and schemes

Individuals should never respond to tax-related phishing or spearphishing or click on the URL link. Instead, the scams should be reported by sending the email or a copy of the text/SMS as an attachment to The report should include the caller ID (email or phone number), date, time and time zone, and the number that received the message.